I got the email...unsure, I googled it and seems that Ubisoft or someone had spread the word on this. So after seeing it had been reported on several sites I trundle off to the ubisoft website and change it.
Quiet straight forward

The "hover over the link" technique is the best way to tell if legit, just received an e-mail like that, and look the link that appeared when hovered over www.ubisoft.com
It indeed was requested to change my password when I tried to log in to the ubisoft forum, but I did it the safe way, using the forum login to request a password reset, funny that I have 2-step verification enabled, and also asked the pin to login, so was kinda useless to change password, only I access to my phone and the code generator.